Messaging systems, such as e-mail systems, instant messaging systems, and the like, are susceptible to unwanted attacks in the form of spam, phishing, viruses, etc. Most of these attacks are carried out by automated systems that programmatically generate thousands of messages to legitimate systems, bombarding them with advertisements, messages containing viruses or deceptive information gathering messages, etc.
Non-real-time systems (e.g. e-mail systems) have sufficient time to adequately filter messages and can detect and delete most undesirable messages. But the problem becomes even more pronounced in real-time systems, such as an instant messaging system, because the real-time nature of the system prevents implementation of rigorous authorization logic.
One method that has been used to prevent automated attacks in non-real-time systems is to provide a challenge to a sender of a message that requires human intervention to answer. In some instances, the challenge is a graphic that includes a word jumbled to a point where automated character recognition cannot recognize the word, but a human can. A human can provide an appropriate response to the challenge for authorization where a machine cannot.
However, providing a challenge to suspect users in a real-time system that typically processes thousands of messages per second requires a prohibitive amount of overhead and processing in-band challenges can adversely affect the real-time performance required in such systems.